import * as ec2 from '@aws-cdk/aws-ec2'; import * as iam from '@aws-cdk/aws-iam'; import { IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { ContainerDefinition, ContainerDefinitionOptions, PortMapping, Protocol } from '../container-definition'; import { FirelensLogRouter, FirelensLogRouterDefinitionOptions } from '../firelens-log-router'; import { PlacementConstraint } from '../placement'; import { ProxyConfiguration } from '../proxy-configuration/proxy-configuration'; import { RuntimePlatform } from '../runtime-platform'; /** * The interface for all task definitions. */ export interface ITaskDefinition extends IResource { /** * ARN of this task definition * @attribute */ readonly taskDefinitionArn: string; /** * Execution role for this task definition */ readonly executionRole?: iam.IRole; /** * What launch types this task definition should be compatible with. */ readonly compatibility: Compatibility; /** * Return true if the task definition can be run on an EC2 cluster */ readonly isEc2Compatible: boolean; /** * Return true if the task definition can be run on a Fargate cluster */ readonly isFargateCompatible: boolean; /** * Return true if the task definition can be run on a ECS Anywhere cluster */ readonly isExternalCompatible: boolean; /** * The networking mode to use for the containers in the task. */ readonly networkMode: NetworkMode; /** * The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. */ readonly taskRole: iam.IRole; } /** * The common properties for all task definitions. For more information, see * [Task Definition Parameters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html). */ export interface CommonTaskDefinitionProps { /** * The name of a family that this task definition is registered to. A family groups multiple versions of a task definition. * * @default - Automatically generated name. */ readonly family?: string; /** * The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. * * The role will be used to retrieve container images from ECR and create CloudWatch log groups. * * @default - An execution role will be automatically created if you use ECR images in your task definition. */ readonly executionRole?: iam.IRole; /** * The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. * * @default - A task role is automatically created for you. */ readonly taskRole?: iam.IRole; /** * The configuration details for the App Mesh proxy. * * @default - No proxy configuration. */ readonly proxyConfiguration?: ProxyConfiguration; /** * The list of volume definitions for the task. For more information, see * [Task Definition Parameter Volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide//task_definition_parameters.html#volumes). * * @default - No volumes are passed to the Docker daemon on a container instance. */ readonly volumes?: Volume[]; } /** * The properties for task definitions. */ export interface TaskDefinitionProps extends CommonTaskDefinitionProps { /** * The networking mode to use for the containers in the task. * * On Fargate, the only supported networking mode is AwsVpc. * * @default - NetworkMode.Bridge for EC2 & External tasks, AwsVpc for Fargate tasks. */ readonly networkMode?: NetworkMode; /** * The placement constraints to use for tasks in the service. * * You can specify a maximum of 10 constraints per task (this limit includes * constraints in the task definition and those specified at run time). * * Not supported in Fargate. * * @default - No placement constraints. */ readonly placementConstraints?: PlacementConstraint[]; /** * The task launch type compatiblity requirement. */ readonly compatibility: Compatibility; /** * The number of cpu units used by the task. * * If you are using the EC2 launch type, this field is optional and any value can be used. * If you are using the Fargate launch type, this field is required and you must use one of the following values, * which determines your range of valid values for the memory parameter: * * 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) * * 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) * * 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) * * 2048 (2 vCPU) - Available memory values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) * * 4096 (4 vCPU) - Available memory values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) * * @default - CPU units are not specified. */ readonly cpu?: string; /** * The amount (in MiB) of memory used by the task. * * If using the EC2 launch type, this field is optional and any value can be used. * If using the Fargate launch type, this field is required and you must use one of the following values, * which determines your range of valid values for the cpu parameter: * * 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU) * * 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU) * * 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU) * * Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU) * * Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU) * * @default - Memory used by task is not specified. */ readonly memoryMiB?: string; /** * The IPC resource namespace to use for the containers in the task. * * Not supported in Fargate and Windows containers. * * @default - IpcMode used by the task is not specified */ readonly ipcMode?: IpcMode; /** * The process namespace to use for the containers in the task. * * Not supported in Fargate and Windows containers. * * @default - PidMode used by the task is not specified */ readonly pidMode?: PidMode; /** * The inference accelerators to use for the containers in the task. * * Not supported in Fargate. * * @default - No inference accelerators. */ readonly inferenceAccelerators?: InferenceAccelerator[]; /** * The amount (in GiB) of ephemeral storage to be allocated to the task. * * Only supported in Fargate platform version 1.4.0 or later. * * @default - Undefined, in which case, the task will receive 20GiB ephemeral storage. */ readonly ephemeralStorageGiB?: number; /** * The operating system that your task definitions are running on. * A runtimePlatform is supported only for tasks using the Fargate launch type. * * * @default - Undefined. */ readonly runtimePlatform?: RuntimePlatform; } /** * The common task definition attributes used across all types of task definitions. */ export interface CommonTaskDefinitionAttributes { /** * The arn of the task definition */ readonly taskDefinitionArn: string; /** * The networking mode to use for the containers in the task. * * @default Network mode cannot be provided to the imported task. */ readonly networkMode?: NetworkMode; /** * The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. * * @default Permissions cannot be granted to the imported task. */ readonly taskRole?: iam.IRole; } /** * A reference to an existing task definition */ export interface TaskDefinitionAttributes extends CommonTaskDefinitionAttributes { /** * What launch types this task definition should be compatible with. * * @default Compatibility.EC2_AND_FARGATE */ readonly compatibility?: Compatibility; } declare abstract class TaskDefinitionBase extends Resource implements ITaskDefinition { abstract readonly compatibility: Compatibility; abstract readonly networkMode: NetworkMode; abstract readonly taskDefinitionArn: string; abstract readonly taskRole: iam.IRole; abstract readonly executionRole?: iam.IRole; /** * Return true if the task definition can be run on an EC2 cluster */ get isEc2Compatible(): boolean; /** * Return true if the task definition can be run on a Fargate cluster */ get isFargateCompatible(): boolean; /** * Return true if the task definition can be run on a ECS anywhere cluster */ get isExternalCompatible(): boolean; } /** * The base class for all task definitions. */ export declare class TaskDefinition extends TaskDefinitionBase { /** * Imports a task definition from the specified task definition ARN. * * The task will have a compatibility of EC2+Fargate. */ static fromTaskDefinitionArn(scope: Construct, id: string, taskDefinitionArn: string): ITaskDefinition; /** * Create a task definition from a task definition reference */ static fromTaskDefinitionAttributes(scope: Construct, id: string, attrs: TaskDefinitionAttributes): ITaskDefinition; /** * The name of a family that this task definition is registered to. * A family groups multiple versions of a task definition. */ readonly family: string; /** * The full Amazon Resource Name (ARN) of the task definition. * @attribute */ readonly taskDefinitionArn: string; /** * The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. */ readonly taskRole: iam.IRole; /** * The networking mode to use for the containers in the task. */ readonly networkMode: NetworkMode; /** * Default container for this task * * Load balancers will send traffic to this container. The first * essential container that is added to this task will become the default * container. */ defaultContainer?: ContainerDefinition; /** * The task launch type compatibility requirement. */ readonly compatibility: Compatibility; /** * The amount (in GiB) of ephemeral storage to be allocated to the task. * * Only supported in Fargate platform version 1.4.0 or later. */ readonly ephemeralStorageGiB?: number; /** * The container definitions. */ protected readonly containers: ContainerDefinition[]; /** * All volumes */ private readonly volumes; /** * Placement constraints for task instances */ private readonly placementConstraints; /** * Inference accelerators for task instances */ private readonly _inferenceAccelerators; private _executionRole?; private _referencesSecretJsonField?; private runtimePlatform?; /** * Constructs a new instance of the TaskDefinition class. */ constructor(scope: Construct, id: string, props: TaskDefinitionProps); get executionRole(): iam.IRole | undefined; /** * Public getter method to access list of inference accelerators attached to the instance. */ get inferenceAccelerators(): InferenceAccelerator[]; private renderVolumes; private renderInferenceAccelerators; /** * Validate the existence of the input target and set default values. * * @internal */ _validateTarget(options: LoadBalancerTargetOptions): LoadBalancerTarget; /** * Returns the port range to be opened that match the provided container name and container port. * * @internal */ _portRangeFromPortMapping(portMapping: PortMapping): ec2.Port; /** * Adds a policy statement to the task IAM role. */ addToTaskRolePolicy(statement: iam.PolicyStatement): void; /** * Adds a policy statement to the task execution IAM role. */ addToExecutionRolePolicy(statement: iam.PolicyStatement): void; /** * Adds a new container to the task definition. */ addContainer(id: string, props: ContainerDefinitionOptions): ContainerDefinition; /** * Adds a firelens log router to the task definition. */ addFirelensLogRouter(id: string, props: FirelensLogRouterDefinitionOptions): FirelensLogRouter; /** * Links a container to this task definition. * @internal */ _linkContainer(container: ContainerDefinition): void; /** * Adds a volume to the task definition. */ addVolume(volume: Volume): void; /** * Adds the specified placement constraint to the task definition. */ addPlacementConstraint(constraint: PlacementConstraint): void; /** * Adds the specified extension to the task definition. * * Extension can be used to apply a packaged modification to * a task definition. */ addExtension(extension: ITaskDefinitionExtension): void; /** * Adds an inference accelerator to the task definition. */ addInferenceAccelerator(inferenceAccelerator: InferenceAccelerator): void; /** * Creates the task execution IAM role if it doesn't already exist. */ obtainExecutionRole(): iam.IRole; /** * Whether this task definition has at least a container that references a * specific JSON field of a secret stored in Secrets Manager. */ get referencesSecretJsonField(): boolean | undefined; /** * Validates the task definition. */ protected validate(): string[]; /** * Returns the container that match the provided containerName. */ findContainer(containerName: string): ContainerDefinition | undefined; private renderNetworkMode; private renderContainers; private checkFargateWindowsBasedTasksSize; } /** * The networking mode to use for the containers in the task. */ export declare enum NetworkMode { /** * The task's containers do not have external connectivity and port mappings can't be specified in the container definition. */ NONE = "none", /** * The task utilizes Docker's built-in virtual network which runs inside each container instance. */ BRIDGE = "bridge", /** * The task is allocated an elastic network interface. */ AWS_VPC = "awsvpc", /** * The task bypasses Docker's built-in virtual network and maps container ports directly to the EC2 instance's network interface directly. * * In this mode, you can't run multiple instantiations of the same task on a * single container instance when port mappings are used. */ HOST = "host", /** * The task utilizes NAT network mode required by Windows containers. * * This is the only supported network mode for Windows containers. For more information, see * [Task Definition Parameters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#network_mode). */ NAT = "nat" } /** * The IPC resource namespace to use for the containers in the task. */ export declare enum IpcMode { /** * If none is specified, then IPC resources within the containers of a task are private and not * shared with other containers in a task or on the container instance */ NONE = "none", /** * If host is specified, then all containers within the tasks that specified the host IPC mode on * the same container instance share the same IPC resources with the host Amazon EC2 instance. */ HOST = "host", /** * If task is specified, all containers within the specified task share the same IPC resources. */ TASK = "task" } /** * The process namespace to use for the containers in the task. */ export declare enum PidMode { /** * If host is specified, then all containers within the tasks that specified the host PID mode * on the same container instance share the same process namespace with the host Amazon EC2 instance. */ HOST = "host", /** * If task is specified, all containers within the specified task share the same process namespace. */ TASK = "task" } /** * Elastic Inference Accelerator. * For more information, see [Elastic Inference Basics](https://docs.aws.amazon.com/elastic-inference/latest/developerguide/basics.html) */ export interface InferenceAccelerator { /** * The Elastic Inference accelerator device name. * @default - empty */ readonly deviceName?: string; /** * The Elastic Inference accelerator type to use. The allowed values are: eia2.medium, eia2.large and eia2.xlarge. * @default - empty */ readonly deviceType?: string; } /** * A data volume used in a task definition. * * For tasks that use a Docker volume, specify a DockerVolumeConfiguration. * For tasks that use a bind mount host volume, specify a host and optional sourcePath. * * For more information, see [Using Data Volumes in Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html). */ export interface Volume { /** * This property is specified when you are using bind mount host volumes. * * Bind mount host volumes are supported when you are using either the EC2 or Fargate launch types. * The contents of the host parameter determine whether your bind mount host volume persists on the * host container instance and where it is stored. If the host parameter is empty, then the Docker * daemon assigns a host path for your data volume. However, the data is not guaranteed to persist * after the containers associated with it stop running. */ readonly host?: Host; /** * The name of the volume. * * Up to 255 letters (uppercase and lowercase), numbers, and hyphens are allowed. * This name is referenced in the sourceVolume parameter of container definition mountPoints. */ readonly name: string; /** * This property is specified when you are using Docker volumes. * * Docker volumes are only supported when you are using the EC2 launch type. * Windows containers only support the use of the local driver. * To use bind mounts, specify a host instead. */ readonly dockerVolumeConfiguration?: DockerVolumeConfiguration; /** * This property is specified when you are using Amazon EFS. * * When specifying Amazon EFS volumes in tasks using the Fargate launch type, * Fargate creates a supervisor container that is responsible for managing the Amazon EFS volume. * The supervisor container uses a small amount of the task's memory. * The supervisor container is visible when querying the task metadata version 4 endpoint, * but is not visible in CloudWatch Container Insights. * * @default No Elastic FileSystem is setup */ readonly efsVolumeConfiguration?: EfsVolumeConfiguration; } /** * The details on a container instance bind mount host volume. */ export interface Host { /** * Specifies the path on the host container instance that is presented to the container. * If the sourcePath value does not exist on the host container instance, the Docker daemon creates it. * If the location does exist, the contents of the source path folder are exported. * * This property is not supported for tasks that use the Fargate launch type. */ readonly sourcePath?: string; } /** * Properties for an ECS target. * * @internal */ export interface LoadBalancerTarget { /** * The name of the container. */ readonly containerName: string; /** * The port mapping of the target. */ readonly portMapping: PortMapping; } /** * Properties for defining an ECS target. The port mapping for it must already have been created through addPortMapping(). */ export interface LoadBalancerTargetOptions { /** * The name of the container. */ readonly containerName: string; /** * The port number of the container. Only applicable when using application/network load balancers. * * @default - Container port of the first added port mapping. */ readonly containerPort?: number; /** * The protocol used for the port mapping. Only applicable when using application load balancers. * * @default Protocol.TCP */ readonly protocol?: Protocol; } /** * The configuration for a Docker volume. Docker volumes are only supported when you are using the EC2 launch type. */ export interface DockerVolumeConfiguration { /** * Specifies whether the Docker volume should be created if it does not already exist. * If true is specified, the Docker volume will be created for you. * * @default false */ readonly autoprovision?: boolean; /** * The Docker volume driver to use. */ readonly driver: string; /** * A map of Docker driver-specific options passed through. * * @default No options */ readonly driverOpts?: { [key: string]: string; }; /** * Custom metadata to add to your Docker volume. * * @default No labels */ readonly labels?: { [key: string]: string; }; /** * The scope for the Docker volume that determines its lifecycle. */ readonly scope: Scope; } /** * The authorization configuration details for the Amazon EFS file system. */ export interface AuthorizationConfig { /** * The access point ID to use. * If an access point is specified, the root directory value will be * relative to the directory set for the access point. * If specified, transit encryption must be enabled in the EFSVolumeConfiguration. * * @default No id */ readonly accessPointId?: string; /** * Whether or not to use the Amazon ECS task IAM role defined * in a task definition when mounting the Amazon EFS file system. * If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. * * Valid values: ENABLED | DISABLED * * @default If this parameter is omitted, the default value of DISABLED is used. */ readonly iam?: string; } /** * The configuration for an Elastic FileSystem volume. */ export interface EfsVolumeConfiguration { /** * The Amazon EFS file system ID to use. */ readonly fileSystemId: string; /** * The directory within the Amazon EFS file system to mount as the root directory inside the host. * Specifying / will have the same effect as omitting this parameter. * * @default The root of the Amazon EFS volume */ readonly rootDirectory?: string; /** * Whether or not to enable encryption for Amazon EFS data in transit between * the Amazon ECS host and the Amazon EFS server. * Transit encryption must be enabled if Amazon EFS IAM authorization is used. * * Valid values: ENABLED | DISABLED * * @default DISABLED */ readonly transitEncryption?: string; /** * The port to use when sending encrypted data between * the Amazon ECS host and the Amazon EFS server. EFS mount helper uses. * * @default Port selection strategy that the Amazon EFS mount helper uses. */ readonly transitEncryptionPort?: number; /** * The authorization configuration details for the Amazon EFS file system. * * @default No configuration. */ readonly authorizationConfig?: AuthorizationConfig; } /** * The scope for the Docker volume that determines its lifecycle. * Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. * Docker volumes that are scoped as shared persist after the task stops. */ export declare enum Scope { /** * Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. */ TASK = "task", /** * Docker volumes that are scoped as shared persist after the task stops. */ SHARED = "shared" } /** * The task launch type compatibility requirement. */ export declare enum Compatibility { /** * The task should specify the EC2 launch type. */ EC2 = 0, /** * The task should specify the Fargate launch type. */ FARGATE = 1, /** * The task can specify either the EC2 or Fargate launch types. */ EC2_AND_FARGATE = 2, /** * The task should specify the External launch type. */ EXTERNAL = 3 } /** * An extension for Task Definitions * * Classes that want to make changes to a TaskDefinition (such as * adding helper containers) can implement this interface, and can * then be "added" to a TaskDefinition like so: * * taskDefinition.addExtension(new MyExtension("some_parameter")); */ export interface ITaskDefinitionExtension { /** * Apply the extension to the given TaskDefinition * * @param taskDefinition [disable-awslint:ref-via-interface] */ extend(taskDefinition: TaskDefinition): void; } /** * Return true if the given task definition can be run on an EC2 cluster */ export declare function isEc2Compatible(compatibility: Compatibility): boolean; /** * Return true if the given task definition can be run on a Fargate cluster */ export declare function isFargateCompatible(compatibility: Compatibility): boolean; /** * Return true if the given task definition can be run on a ECS Anywhere cluster */ export declare function isExternalCompatible(compatibility: Compatibility): boolean; export {};